What Is Claimed Is; 



1 LA method for protecting a server against denial-of-service attacks^ 

2 comprising: 

3 receiving a request for service at the server, wherein the request is received 

4 from a client; 

5 in response to the request, sending a random number, y, and an identifier, 

6 idjy to the client; 

7 allowing the client to compute a preimage, x, such that y = h{x); 

8 receiving an answer from the client, including the preimage x and an 

9 identifier, idf, 

^ 1 0 verifying that the identifier, idi, sent to the client matches the identifier, 

C3 1 1 id2, received from the client; 

1^ 12 if the identifiers match, computing h(x); and 



m 
m 



13 if h(x) = y, performing the requested service for the client; 

14 whereby the server avoids computing h{x) until the server receives the 

1 5 answer with a matching identifier. 



CP 1 2. The method of claim 1 , wherein the server sends a parameter, n, 

ry 2 along with the random number y to the client, wherein the parameter n varies the 

3 amount of computational work involved in computing the preimage x. 

1 3 . The method of claim 2, wherein the parameter n specifies that a 

2 subset ofn bits of h{x) has to match a corresponding subset of n bits of>'. 

1 4. The method of claim 1 , wherein computing the preimage, x, takes 

2 more computational effort than computing /z(x), whereby the cUent is forced to 
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perform more computational work than the server before the server performs the 
requested service. 



w 
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1 5 . The method of claim 1 , wherein ify^ h{x\ the server ignores 

2 subsequent communications from the cUent. 

1 6. The method of claim 1 , wherein \fy^ h{x\ the server becomes 

2 slower in responding to subsequent communications from the client, distinguished 

3 from other clients, as by its source IP address. 

1 7. The method of claim 6, wherein each time the server determines 

2 h{x\ the server doubles the service time for the client, distinguished from 

3 other clients, as by its source IP address, so that the server spends progressively 

4 less time servicing requests for the client, 

1 8 . The method of claim 1 , 

2 wherein sending the random nximber, and the identifier, idi, to the client 

3 involves first, 

4 generating the random number y and the identifier idr, and 

5 storing the random number y and the identifier idi at the 

6 server; and 

7 wherein verifying that idi matches id2 involves first looking up idi and the 

8 random number y at the server. 

1 9. The method of claim 1 , wherein h{x) is a hash fimction. 
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1 1 0. The method of claim 1 , wherein the identifier, idj, is inferred from 

2 data related to the communication. 



1 11 . A computer-readable storage medium storing instructions that 

2 when executed by a computer cause the computer to perform a method for 

3 protecting a server against denial-of-service attacks, the method comprising: 

4 receiving a request for service at the server, wherein the request is received 

5 from a client; 

6 in response to the request, sending a random number, y, and an identifier, 

7 idi, to the client; 

8 allowing the client to compute a preimage, x, such that y = h{x)\ 

9 receiving an answer from the client, including the preimage x and an 

10 identifier, idf, 

1 1 verifying that the identifier, idu sent to the client matches the identifier, 

12 id2, received from the client; 

1 3 if the identifiers match, computing h{x)\ and 

1 4 if h{x) = y, performing the requested service for the client; 

1 5 whereby the server avoids computing h(x) vintil the server receives the 

1 6 answer wdth a matching identifier. 

1 12. The computer-readable storage medium of claim 1 1 , wherein the 

2 server sends a parameter, «, along with the random number y to the client, wherein 

3 the parameter n varies the amount of computational work involved in computing 

4 the preimage x. 
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1 13, The computer-readable storage medium of claim 1 1 , wherein the 

2 parameter n specifies that a subset of n bits of h(x) has to match a correspondmg 

3 subset of n bits of y, 

1 14. The computer-readable storage medium of claim 1 1 , wherein 

2 computmg the preimage, x, takes more computational effort than computing h{x), 

3 whereby the client is forced to perform more computational work than the server 

4 before the server performs the requested service. 

1 15. The computer-readable storage medium of claim 1 1 , wherein if 

2 y:^ h{x\ the server ignores subsequent communications from the client. 

1 16. The computer-readable storage medium of claim 1 1 , wherein if 

2 y^ hix), the server becomes slower in responding to subsequent communications 

3 from the client, distinguished from other clients, as by its source IP address. 

CP 

s 

□ 1 17. The computer-readable storage medium of claim 16, wherein each 

S 2 time the server determmes y ^ h(x), the server doubles the service time for the 

I J 3 client, distinguished from other clients, as by its source IP address, so that the 

fU 4 server spends progressively less time servicing requests for the client. 

1 18. The computer-readable storage medium of claim 1 1 , 

2 wherein sending the random number, y, and the identifier, id], to the client 

3 involves first, 

4 generating the random number y and the identifier idj; and 

5 storing the random number and the identifier idj at the 

6 server; and 
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wherein verifying that idi matches id2 involves first looking up idj and the 
random number at the server. 



1 1 9. The computer-readable storage medium of claim 1 1 , wherein h{x) 

2 is a hash function. 

1 20. The computer-readable storage medium of claim 1 1 , wherein the 

2 identifier, idj, is inferred fi:om data related to the communication. 

1 2 1 . An apparatus that protects a server against denial-of-service 

2 attacks, comprising: 

3 the server; 

4 a receiving mechanism within the server that is configured to receive a 

5 request for service firom a client; 

III 6 an access mechanism, wherein in response to the request, the access 

Cfl 

5 . 7 mechanism is configured to, 

8 send a random number, y, and an identifier, idj, to the 



i 



13 9 client, 

Q 10 allow the cHent to compute a preimage, x, such that 
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11 y-Kxi 

1 2 receive an answer from the client, including the preimage x 

1 3 and an identifier, id2, and to 

14 verify that the identifier, idj, sent to the client matches the 

15 identifier, /W^, received from the client, 

1 6 wherein if the identifiers match, the access mechanism is configured to 

1 7 compute k(x); and 
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wherein if h{x) =y, the server is configured to perform the requested 
service for the client; 

whereby the server avoids computing h(x) until the server receives the 
answer with a matching identifier. 

22. The apparatus of claim 21, wherein the access mechanism is 
configured to send a parameter, n, along with the random number to the client, 
wherein the parameter n varies the amount of computational work involved in 
computing the preimage x, 

23. The apparatus of claim 22, wherein the parameter n specifies that a 
subset of n bits of h{x) has to match a corresponding subset of n bits of 3;. 

24. The apparatus of claim 21 , wherein computing the preimage, x, 
takes more computational effort than computing h(x), whereby the client is forced 
to perform more computational work than the server before the server performs 
the requested service. 

25. The apparatus of claim 2 1 , wherein ifyp^ h{x\ the server is 
configured to ignore subsequent communications from the client. 

26. The apparatus of claim 21, wherein liy^ h{x\ the server is 
configured to become slower in responding to subsequent communications fi'om 
the client, distinguished from other clients, as by its source IP address, 

27. The apparatus of claim 26, wherein each time the server 
determines y hix\ the server is configured to double the service time for the 
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client, distinguished from other clients, as by its source IP address, so that the 
server spends progressively less time servicing requests for the client. 
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1 28. The apparatus of claim 21, wherein the access mechanism is 

2 additionally configured to: 

3 generate the random number y and the identifier idj ; 

4 store the random number y and the identifier idj at the server; and 

5 upon receiving the ansv^er from the client, to look up idj and the random 

6 number y at the server. 

1 29. The apparatus of claim 2 1 , wherein h{x) is a hash function. 

1 30. The apparatus of claim 21, wherein the identifier, idj, is inferred 

2 from data related to the communication. 
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